You have surely seen them already. These are two files perched at the heart of your WordPress installation. I of course want to talk about wp-config.php and functions.php . They are both essential for the functioning of a WordPress website . Moreover, they are so sensitive that you may avoid touching them… However, their possibilities are so extensive that you could! As long as you are careful, of course.

And prudence begins with knowing what we are talking about! So let’s dive together to discover the wp-config.php and functions.php files and their specificities!wp-config and functions: the two pillars of a good WordPress

Functions.php and WP-config.php are two central files of a WordPress installation to customize, secure and optimize a website.


  • wp-config.php: the link with your WordPress database
    • A file to know but not to be taken lightly!
  • functions.php: the heart of your WordPress theme
    • What exactly is the functions.php?
    • Customize WordPress? It’s in the functions.php!
    • A file also there to enhance WordPress
    • Simple but very useful security features …
    • … And very efficient performance settings!
    • functions.php: a plugin or functions?

wp-config.php: the link with your WordPress database

Let’s start with the one that comes first: the wp-config.php file . First, because it is at the root of your installation. By root I mean where your home folders are: wp-admin, wp-content, and wp-includes.

The wp-config.php file is located at the root of your WordPress installation, under the wp-admin, wp-content, and wp-includes folders.

But what is wp-config.php and what is it for? Well, to sum it up to its primary function, this file tells the database how to access your files and how to process them. When I told you that it was very important …

So how come you can run your WordPress without ever having to deal with it? Maybe you are even hearing about it for the first time?

Your web host may automatically fill it out for you when creating your website. However, the most common situation is that you fill it out without realizing it. Indeed, during the quick installation of WordPress , you must fill in the information about your database.WordPress database and installation

Database information is automatically entered into wp-config.php during WordPress quick install

This information goes directly to your p, organized as below.

Database information can be found at the top of the wp-config.php file

A file to know but not to be taken lightly!

Here is the heart of wp-config.php and all its delicacy. A modification in the database without referring to it, or vice versa, and it is an error which points the tip of its nose! So for this part stick to what’s already registered there, be it the database name, username or password to server name, the prefix of your database tables and even the address of your website.

However, when you are comfortable with this file and its handling, it will allow you to control certain database behaviors without having to go there. 

Manage the architecture of your files with wp-config.php

However, everything I just explained to you belonged to the “easy” part. Indeed, this is not the only function of wp-config.php . From this file, you can also modify the architecture of your installation. By that I mean: changing the name and location of certain directories like wp-content , uploads or even plugins . How is this useful? Well, WordPress installs by default with these directories in this composition. A composition known to all and therefore easily identifiable for anyone who happens to enter your site. Customizing the architecture of your site is therefore a good way to surprise and discourage certain smart people.

How to fill in the wp-config to customize your WordPress?

Come on, as I am not a monster, I will give you in passing the few lines to insert to make these modifications. To do this, go to the bottom of the file, after the line “/ * That’s all, stop editing! Happy publishing. * / ”(Because we are crazy). Then, it is just after these lines that we will enter ours.

/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
    define( 'ABSPATH', __DIR__ . '/' );

But just before these.

/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';

So, to change the wp-content directory, enter these lines in the wp-config.php :

define ('WP_CONTENT_DIR', dirname (__ FILE__). '/ my-new-directory');
define( 'WP_CONTENT_URL', '' );

WARNING: remember to rename the wp-content folder with the new name in your installation.

For the uploads file, enter this line in the wp-config.php:

define ('UPLOADS', 'new-folder / new-uploads');

CAUTION: remember to create the new folder and drop the renamed uploads folder there.

Finally, for the plugins folder, enter these lines in the wp-config.php:

define ('WP_PLUGIN_DIR', dirname (__ FILE__). '/ still-new-folder' / new-plugins');
define( 'WP_PLUGIN_URL', ''/nouveau-plugins' );

As for the previous examples, do not forget to create the new specified folder if necessary and to include the old renamed plugins folder in it.

See also  Why Website + Dark Background is Better Than You Think

THE file where to configure security …

So why did I do all this talk about the architecture of your installation? Well, because it is a safety setting that is not too complicated. But this is not the only one that the wp-config file allows! Indeed, it is one of the three files suitable for this kind of manipulation. Moreover, among the other two, we find the functions.php .

In fact, it is so made for that, if you install and activate a security plugin, some settings that you will have made in the WordPress administration will be reflected in the wp-config.php. For the most common, we will note the activation of the SSL certificate and the obligation to access the WordPress administration panel in https. Go check it out. I’m sure you will find at least that line.

define( 'FORCE_SSL_ADMIN', true );

Moreover, if you want to further secure ALL access to your site, you can also force the connection via https to your FTP with these lines.

Define ('FTP_SSL', true);

On the other hand, it is very likely that you will find your setting to deactivate the theme editor and extensions in the administration with these lines.

define( 'DISALLOW_FILE_EDIT', true );

Of course, you can add these lines yourself, rather than having a plugin do it for you. Just be careful to enter them before the line “/ * That’s all, stop editing! Happy publishing. * / ”.

For more security, it is also possible to define via your wp-config.php , the home of your site, the siteurl as well as the cookie domain.

define ('WP_SITEURL', 'https: //');
define('COOKIE_DOMAIN', '');

It’s fine, but I prefer plugins …

The purpose of this explanation is rather to show that knowing how to handle wp-config.php is an opportunity to lighten your WordPress installation. Indeed, the fewer plugins there are, the more you avoid the risk of conflicts and the number of requests which lengthen the loading time of your site. And I’m not even talking about adding folders and files as well as tables in the database… Moreover, knowing the potential of your files is also a way to better think about the construction of your site upstream! Because, the less you do tests, the less you risk installing and then leaving unnecessary files or data lying around that unnecessarily weigh down your website.

While waiting for these happy days, know that the wp-config file will also allow you to disable automatic WordPress updates , modify salting keys or even manage file permissions rather than through a transfer tool. FTP.

Manage performance via your wp-config.php?

We talked about the importance of wp-config.php to the database. We also talked about the possibilities offered in terms of security. However, it doesn’t end there! Indeed, the wp-config file also offers to optimize the performance of your website. And this in various ways, although the most important options relate to the database. Because yes, we come back to the primary role of the link file between the WordPress installation and this famous database.

Limit obsolete articles and pages? It’s possible !

So, the most useful that you might save a plugin is the management of article revisions. In fact, you can manually define the number of article revisions to be kept in the database with this line (here, the number is set at 3).

define('WP_POST_REVISIONS', 3);

However, you can also simply delete the saved article revisions like this.

define('WP_POST_REVISIONS', false );

Finally, in the same domain, you can also define the number of days during which the deleted articles and pages can be kept in the recycle bin (here, this number is fixed at 30).

define('EMPTY_TRASH_DAYS', 30 );

To prevent your content from going through the “trash” box, set the number of days to 0. Just be careful to enter these lines before the famous line “/ * That’s all, stop editing! Happy publishing. * / ”.

These manipulations can be useful to reduce the number of unnecessary rows in the database and therefore also unnecessary requests that could weigh on the memory of your WordPress.

Free yourself from constraints for you and your visitors

Exactly, memory, let’s talk about it! Often, it is your web host who sets the limit on the memory allocated by the server to your website. But, in some cases, you can get your hands on it. If you receive a message like “Allowed memory size of 640000 bytes exhausted ”, for example. If you have the possibility, you can therefore increase the allocated PHP memory and avoid this type of message.

See also  How to install CloudFlare Free CDN in Wordpress 6 [Guide 2022]
define( 'WP_MEMORY_LIMIT', '512' );
define( 'WP_MAX_MEMORY_LIMIT', '1024');

The above settings will allocate up to 512MB of RAM per PHP script for processes generated from the WordPress frontend, while scripts related to administration from the backend dashboard will be able to use up to 1024MB of RAM. .

Once again, be careful to write these lines before the famous line “/ * That’s all, stop editing! Happy publishing. * / ”.

On the other hand, the wp-config file offers other advanced features related to performance. If you’ve installed a cache plugin, you might find this line.

define( 'WP_CACHE', true );

Contrary to what one might think, it does not activate a possible WordPress cache. Above all, it allows the various cache plugins to work. However, it also allows you to take into account the various cache settings that you could write in the .htaccess file. Yes, I am talking about the third pillar file of your installation. Likewise, numerous advanced optimizations make it possible to increase administration speed and reduce requests to the database. But that will surely be for another time.

A whole range of options specific to WordPress …

Database, security, performance… Here are the three main uses of the wp-config file. However, this is also where you can change many aspects of the WordPress environment. Indeed, by familiarizing yourself a little with PHP, you will be able to do without a standard translation plugin with the constant WP_LANG. If, with that, I don’t make you want to just look into the question …

On the other hand, this is where you can activate WordPress Multisite if needed.Then, it is always in this file that you can operate the various settings and fix any potential bugs. And by “bugs”, I mean in particular the conflicts that can appear with cookies. Because yes, the wp-config.php is also the place to define the constants related to cookies.

… Including those that can save your life!

an error can have several causes. Hence the interest in being able to target its origin when it occurs. And, once again, it is the wp-config file that will allow us to do this. Indeed, in a new installation of WordPress, a line is automatically generated just before the famous comment “/ * That’s all, stop editing! Happy publishing. * / ”. This is it.

define( 'WP_DEBUG', false );

Replace “false” with “true” and go to your website. Logically, above the header, a list of all errors should appear. Then you just have to solve the problems by going to the places indicated. However, do not forget to change the value back to “false” after the operation is complete. And I don’t recommend this just for aesthetic reasons. Indeed, since anyone can see this list, this magical tool can quickly become an irrecoverable security hole.

functions.php: the heart of your WordPress theme

Unlike the wp-config file, functions.php is not at the root of your WordPress installation. Moreover, we can not really say that it is essential for the functioning of WordPress itself. On the other hand, it is for that of your website! Why ? Because it is mandatory in the proper functioning of a theme. No functions.php ? No theme! No theme? No website! CQFD …

Indeed, functions.php is one of the two mandatory files to put in a theme. 

So, to find it, you just have to open the directory containing your theme in wp-content → themes.

Note : another way to work on this file simply and without risk is to use the free Code Snippets plugin . The latter removes the need to add custom snippets directly to your functions.php theme file .

The functions.php file is located at the root of your theme.

What exactly is the functions.php?

Beyond being the essential pillar of your theme, what is this famous functions.php for ? Well, to put it simply, it allows you to add or remove functionality to your theme. It is for this reason that it is often said that it works like a plugin. Moreover, if you are comfortable with PHP, this file even allows you, in a good part of the cases, to import code of your plugins to personalize it without fear of the updates of the extension in question. Even if some plugins are more recalcitrant than others …

Customize WordPress? It’s in the functions.php!

However, no need for a preinstalled plugin to add functionality via the functions file! Indeed, certain lines of code can very well replace an existing plugin. And, you are starting to know me, this is something that I find very interesting! Let’s take a simple and concrete example: the classic WordPress editor. This one disappeared with the update of WordPress 5.0 in favor of Gutenberg. And even if some very well done tutorials allowed us to familiarize ourselves with it, many of us still prefer the old editor. For this, a plugin exists: Classic Editor . But we can very well do without this simple line to be included afterwards in the functions.php .

See also  How to identify a typeface with Fonts Ninja?
add_filter('use_block_editor_for_post', '__return_false', 10);

Thus, if you decide to do without certain plugins, the “pieces of code” that you will find will be, unless otherwise specified, to be put in this file. The possibilities are virtually endless. In addition, be aware that the personalization can even concern your administration panel with, for example, the addition of columns for the lists of your articles, your pages or even your users.

A file also there to enhance WordPress

However, customization through the functions file doesn’t just stop at WordPress. At least to its own functionalities. Indeed, the file is also conducive to add external modules to our favorite CMS. And this is still the opportunity to do without adding plugins. I’m thinking in particular of adding the Font Awesome library or the Tarteaucitron.js script .

Moreover, this is valid for all libraries or scripts.

Simple but very useful security features …

But like the wp-config.php , the functions.php file can receive significant security additions. ! Among them, I am thinking in particular of removing the version number of WordPress or hiding the causes of connection errors from users.

You will understand, these security settings mainly consist in hiding as much information as possible from those who would crawl your website. Because the more we know about your WordPress, the more vulnerable it is. In this sense, you can still be more discreet. Indeed, you can also delete the versions of your CSS and JS files with this function.

function remove_ver_css_js( $src ) {
 if ( strpos( $src, 'ver=' . esc_url(get_bloginfo( 'version' )) ) )
  $src = remove_query_arg( 'ver', $src );
 return $src;
add_filter( 'style_loader_src', 'remove_ver_css_js', 9999 );
add_filter( 'script_loader_src', 'remove_ver_css_js', 9999 );

When you have familiarized yourself with the operation of the file and the functions, you will even be able to hide the plugins that your WordPress has within your administration panel!

… And very efficient performance settings!

But in the meantime, let’s move on to the optimizations you can make in terms of performance. They mainly consist in removing native WordPress features that will not be useful to you. I have listed a non-exhaustive list of these features below.

remove_action('wp_head', 'rsd_link');
remove_action('wp_head', 'feed_links_extra', 3 );
remove_action('wp_head', 'feed_links', 2 );
remove_action('wp_head', 'wp_shortlink_wp_head', 10, 0 );
remove_action('wp_head', 'index_rel_link' );
remove_action('wp_head', 'parent_post_rel_link', 10, 0);
remove_action('wp_head', 'start_post_rel_link', 10, 0);
remove_action('wp_head', 'adjacent_posts_rel_link', 10, 0);

Moreover, we can add to this list the removal of WPembed, which is now integrated directly into the kernel, with these few lines!

function my_deregister_scripts() {
 wp_dequeue_script( 'wp-embed' );
add_action( 'wp_footer', 'my_deregister_scripts' );

Finally, your cache extension will surely take care of disabling emojis on your WordPress. These little icons load up unnecessary scripts that adversely affect the performance of your website. Note that this option can be integrated directly into the functions.php with a relatively complex combo of functions.

functions.php: a plugin or functions?

I may have lost you on one point by explaining the possibilities of functions.php . It works like a plugin but isn’t a plugin? Can we include functions? So, I’m telling you right away: stop thinking! Rather, it’s important to familiarize yourself with these words and maybe even the overall structure of the codes you see. So, as you progress with WordPress, these words and codes will not be unfamiliar to you to the point of perhaps trying to handle them yourself. After all, we’ve all been there …

As you will have (re) discovered in this article, the wp-config.php and functions.php files are real gold mines to optimize your WordPress. You can leave them alone, but using them is an opportunity to make your website more qualitative. Indeed, these files make it possible to secure your installation and make it more efficient. All in an optimized way since it eliminates the need for often heavier extensions.

I encourage you to familiarize yourself with. Just remember to save each of them to prevent mishandling from ruining your work. Then, test the few lines that I have proposed in this article. You will find that this is a good workout before you maybe take it up a notch by visiting various forums.

And you, have you taken the plunge and customized your wp-config.php and functions.php ?
Tell us in the comments!

5/5 - (1 vote)

Tagged in:


About the Author

SAKHRI Mohamed

Founder & Editor

Passionate about the web, new technologies and IT, I share on tutorials, tips, advice, online tools and software for Windows, Mac and Linux. I'm the founder of this blog and I'm very interested in anything to do with technology, but I also love playing games. I was born in Constantine, but now I live in Algiers/Algeria

View All Articles